Jan Dittberner
47d5b2afff
- implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config
package hsm
import (
"context"
"log"
)
// EnsureCAKeysAndCertificates walks every CA label in the signer
// configuration attached to ctx and fetches the matching certificate,
// root CAs first, then intermediary CAs.
//
// For each certificate it logs subject, issuer, validity window and serial
// number. The first lookup error aborts the walk and is returned unchanged;
// nil is returned once every label has been processed.
//
// NOTE(review): this function only retrieves and logs. Whether missing keys
// or certificates are created is up to GetRootCACertificate and
// GetIntermediaryCACertificate, which are not visible here — confirm there.
// No expiry or issuer/chain check is performed in this function; the logged
// validity dates are informational only.
func EnsureCAKeysAndCertificates(ctx context.Context) error {
	cfg := GetSignerConfig(ctx)

	// Root CAs are handled before the intermediaries.
	for _, label := range cfg.RootCAs() {
		cert, err := GetRootCACertificate(ctx, label)
		if err != nil {
			return err
		}

		log.Printf(
			"got root CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
			cert.Subject, cert.Issuer, cert.NotBefore, cert.NotAfter, cert.SerialNumber,
		)
	}

	for _, label := range cfg.IntermediaryCAs() {
		cert, err := GetIntermediaryCACertificate(ctx, label)
		if err != nil {
			return err
		}

		log.Printf(
			"got intermediary CA certificate:\n Subject %s\n Issuer %s\n Valid from %s until %s\n Serial %s",
			cert.Subject, cert.Issuer, cert.NotBefore, cert.NotAfter, cert.SerialNumber,
		)
	}

	return nil
}